A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

A list of interesting payloads, tips and tricks for bug bounty hunters.

All about bug bounty (bypasses, payloads, and etc)

The all-in-one browser extension for offensive security professionals 🛠

🎯 SQL Injection Payload List

The Official USB Rubber Ducky Payload Repository

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Git All the Payloads! A collection of web attack payloads.

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

A container repository for my public web hacks!

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

Undetectable Windows Payload Generation

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件

Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Image Payload Creating/Injecting tools

Writing custom backdoor payloads with C# - Defcon 27 Workshop

🎯 XML External Entity (XXE) Injection Payload List